CVE-2026-0589

Опубликовано: 05 янв. 2026

Источник: nvd

CVSS3: 7.3

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used.

Ссылки

https://code-projects.org/
Product
https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/auth_bypass_admin_panel.md
Exploit
Third Party Advisory
https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/auth_bypass_admin_panel.md#poc
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.339499
Permissions Required
VDB Entry
https://vuldb.com/?id.339499
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.731127
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fabian:online_product_reservation_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00204

Низкий

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-x3wv-9jvw-qwq2